GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability.
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For instance, a SQL query that is concatenated with a variable might traditionally be flagged as SQL injection; however, GoKart can figure out if the variable is actually a constant or constant equivalent, in which case there is no vulnerability.
To install gokart, run the following command in macOS terminal (Applications->Utilities->Terminal)
sudo port install gokart
To see what files were installed by gokart, run:
port contents gokart
To later upgrade gokart, run:
sudo port selfupdate && sudo port upgrade gokart
Reporting an issue on MacPorts Trac
The MacPorts Project uses a system called Trac to file tickets to report bugs and enhancement requests.
Though anyone may search Trac for tickets, you must have a GitHub account in order to login to Trac to create tickets.